07-04-2008 01:06 AM
1. Initiate HTTPS from browser – No authentication window.
2. Get auth table – No users in table.
3. After several attempts on HTTPS, we tried to initiate HTTP from browser – Authentication window received
4. Get auth table – One user was seen
==================================================
07-04-2008 03:41 AM
Hi,
Actually, inline authentication (run-time authentication) works only for telnet, ftp and http traffic. If you want to use inline authentication for other traffic like https, ssh etc., do one thing: make a service group, add all your desired services (https, ssh) AND one or all three services (ftp, http, telnet) also in that service group. Use this service group in the policy from untrust to trust. Now you can use inline authentication for https, ssh etc.
Please let me know if this solves your problem.
Thanks
07-08-2008 02:12 PM
Thanks Rana, I am also facing the same issue, could you please help with the commands as well?
thanks
- Ray
07-08-2008 09:29 PM
Hi,
Kashif-rana is correct, you can't do pop-up authentication with HTTPS. Adding http, telnet or ftp to the policy to authenticate the user is a workaround, but it is not very secure as you are opening up a port that is not wanted through that policy.
As of 6.1 I believe that you can do a redirect of unauthenticated traffic to a web auth address to authenticate the user and then allow them through the policy. This would be much cleaner as it means that you only need to open HTTPS through the policy. Have a look in the Concepts and Examples under authentication and web auth (Chapter 4 page 49).
I have not had a chance yet to try this so give it a go and let me know if it works.
Hope this helps
Regards
Andy
07-08-2008 11:04 PM
Hi,
-Make service objects for your required services like https, ping but also for one or all of the services (http, telnet, ftp) using the commands:
set service https protocol tcp src-port 0-65535 dst-port 443 (for https)
set service ping protocol icmp (for ping)
set service http protocol tcp src-port 0-65535 dst-port 80 (for http)
-Make a service group for all the services you created above
set group service "services-for-auth"
set group service "services-for-auth" add https
set group service "services-for-auth" add http
set group service "services-for-auth" add ping
-In the policy which you created for authentication, edit that policy and in Service select the service group "services-for-auth" which you have created above.
Hope this helps
Thanks
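Added example, not part of the original posts: a small Python audit that reads the `set service` and `set group service` lines shown in the post above and reports service groups that mix a cleartext authentication trigger (ftp, telnet or http) with other services, which is the extra open port Andy's reply warns about. The sample config is constructed from the thread's commands; the "https-only" group and the function names are hypothetical.

```python
import re

# Destination ports of the services the thread names as inline-auth triggers.
TRIGGER_PORTS = {21: "ftp", 23: "telnet", 80: "http"}

SERVICE = re.compile(r'^set service "?([\w-]+)"? protocol (\w+)'
                     r'(?: src-port \S+ dst-port (\d+)(?:-(\d+))?)?')
GROUP_ADD = re.compile(r'^set group service "([^"]+)" add "?([\w-]+)"?')

# Constructed sample: the thread's commands plus a hypothetical "https-only" group.
SAMPLE_CONFIG = """
set service https protocol tcp src-port 0-65535 dst-port 443
set service ping protocol icmp
set service http protocol tcp src-port 0-65535 dst-port 80
set group service "services-for-auth"
set group service "services-for-auth" add https
set group service "services-for-auth" add http
set group service "services-for-auth" add ping
set group service "https-only"
set group service "https-only" add https
"""

def opens_trigger(member, services):
    """True if a group member exposes ftp, telnet or http."""
    if member not in services:  # not defined in this config: judge by name
        return member.lower() in TRIGGER_PORTS.values()
    proto, ports = services[member]
    return proto == "tcp" and any(p in ports for p in TRIGGER_PORTS)

def audit_service_groups(config_text):
    """Return {group: [trigger members]} for groups mixing triggers with other services."""
    services, groups = {}, {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := SERVICE.match(line):
            name, proto, lo, hi = m.groups()
            ports = range(int(lo), int(hi or lo) + 1) if lo else range(0)
            services[name] = (proto.lower(), ports)
        elif m := GROUP_ADD.match(line):
            groups.setdefault(m.group(1), []).append(m.group(2))
    findings = {}
    for group, members in groups.items():
        triggers = [m for m in members if opens_trigger(m, services)]
        if triggers and len(triggers) < len(members):
            findings[group] = sorted(triggers)
    return findings

if __name__ == "__main__":
    print(audit_service_groups(SAMPLE_CONFIG))
```

Custom services are matched by destination port rather than by name, so a renamed service on port 80, 23 or 21 is still reported.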
08-30-2008 01:45 PM
Thanks Kashif & Andy, that really helps
-Ray
07-05-2012 10:51 PM
Has anyone experienced this on SRX (Web Auth unable to pop up)?
Are there any KB or doc links to reference for troubleshooting purposes?